Security

 View Only
last person joined: 10 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Which ClearPass HTTPS certificate should I choose between ECC and RSA?

This thread has been viewed 17 times
  • 1.  Which ClearPass HTTPS certificate should I choose between ECC and RSA?

    Posted 27 days ago

    Hi All,

    Which HTTPS certificate type should I use on ClearPass between ECC and RSA?



  • 2.  RE: Which ClearPass HTTPS certificate should I choose between ECC and RSA?

    Posted 27 days ago

    normally use the RSA and disable the ECC



    ------------------------------
    ACMP ACSP ACCP ACEP ACDP
    ------------------------------



  • 3.  RE: Which ClearPass HTTPS certificate should I choose between ECC and RSA?

    Posted 27 days ago

    Depends. Is your HTTP certificate elliptical curve or RSA?  ECC is more secure.




  • 4.  RE: Which ClearPass HTTPS certificate should I choose between ECC and RSA?

    Posted 14 days ago

    ECC is more modern, and can be more secure. The real benefit is that you can have much shorter keys with ECC to get an equivalent security compared to RSA. Also implementing ECC in software or hardware is much more efficient which provides better performance.

    I moved to ECC for my ClearPass years ago, and have not really seen issues. All (somewhat) modern devices tend to support ECC certificates.

    Just make sure that you disable the HTTPS-RSA certificate in ClearPass if you install an ECC certificate. Just one should be enabled, RSA or ECC.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------